Checking for a process every split-second

Hi,

I'm currently writing a program that needs to react when another program starts. So for example when notepad.exe starts (as a process), my program has to cout << "yesh, Notepad.exe is running now" << endl;

Now I've found some code to check whether a process is running:

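#include <windows.h>
#include <psapi.h>	// EnumProcesses, GetModuleBaseNameA (link with psapi.lib)
#include <string>
using std::string;

// Returns true if a process whose base module name equals pName is running.
bool isRunning(string pName)
{
	unsigned long aProcesses[1024], cbNeeded, cProcesses;
	if(!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
		return false;

	cProcesses = cbNeeded / sizeof(unsigned long);
	for(unsigned int i = 0; i < cProcesses; i++)
	{
		if(aProcesses[i] == 0)
			continue;

		HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, aProcesses[i]);
		if(hProcess == NULL)
			continue;	// no access to this process, or it has already exited

		char buffer[MAX_PATH] = "";
		DWORD len = GetModuleBaseNameA(hProcess, 0, buffer, sizeof(buffer));
		CloseHandle(hProcess);
		// len == 0 means the name could not be read; do not compare a stale buffer
		if(len != 0 && pName == string(buffer))
			return true;
	}
	return false;
}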


This works, but now I want to check whether the program is running every split-second so that my code can immediately react when a certain process starts. Anybody willing and able to help me out?

Thanks in advance, LuQ
I've found some information on the kbhit() function, but it seems like it only reacts when the keyboard gets slammed :P. I'm looking for the C++ equivalent of JavaScript's setInterval() or something like that.
It's not a right method. You must never do polling.
Use process creation Notifications (see MSDN or http://tinyurl.com/cmhb5g for C++ code)
You could use Sleep() inside a loop:

BOOL processFound = FALSE;
while (!processFound)
{
    Sleep(500);
    processFound = isRunning(theAppsName);  // isRunning() as posted above
}


Or you could register a timer if you have a window (and a window procedure). See http://msdn.microsoft.com/en-us/library/ms644906%28VS.85%29.aspx.
> It's not a right method. You must never do polling.
> Use process creation Notifications (see MSDN or http://tinyurl.com/cmhb5g for C++ code)


I feel really ashamed that I couldn't find process creation notifications on both MSDN and Google Groups.. can you send me a direct link to the threads? Why shouldn't I use a timer by the way?

Thanks for the replies so far.
Process Creation Notification without polling, if it exists, it is probably in WMI. You could look there.

Otherwise you have to use webJose's method.
closed account (z05DSL3A)
I remember once doing something with PsSetCreateProcessNotifyRoutine() in a driver once.
You're right, that'll do it.
OK I've found the doc of PsSetCreateProcessNotifyRoutine() on MSDN. But to be really honest, I don't really understand how I should work with it.. can anybody post a piece of code that shows how to make it work?

It's not that I'm lazy, I've really tried it, but I'm just a beginner /me is crying.
Two things: That notification seems to be only for kernel mode, and it is only available in Windows Vista SP1 or above.

I have never EVER tried to code a driver, so I am unsure if this is even feasible in a common application. I am guessing this route is not possible in user mode applications like the one luq is trying to create, or am I mistaken?

And don't say "Create a driver and make your application use the driver to get the notification"!! :-)
closed account (z05DSL3A)
> And don't say "Create a driver and make your application use the driver to get the notification"!! :-)

I wouldn't recommend creating a driver, it was meant to be a response to kbw's comment about if notification exists.

There is an article on Code Project that may be of interest (I have not read it, just skimmed)
Detecting Windows NT/2K process execution
http://www.codeproject.com/KB/threads/procmon.aspx
LOL! You didn't say it, but the article in CodeProject sure did. I did not read it fully, but it clearly stated that the idea is to create a driver and have this driver notify the application.
Well, what are the pros and cons of creating a driver to check for processes, and are there any other options than using drivers? The article you've pointed at is about creating drivers etc.
I'd go with the polling method. KISS.
Well I also need a function that should be called 3 times randomly in 30 min, but somehow I think Sleep() is not really the right function, so after all, which methods should I use for both problems?
closed account (z05DSL3A)
This may be going a little off track but...

The following code sets up three timers: one fires every second (for polling), one is set with a 'random' interval and is killed when it first fires, and the third is set to 10 seconds and ends the program.
#include <windows.h>
#include <iostream>

#define POLL_TIMER   1
#define RND_TIMER    2
#define END_TIMER    3

// Timer IDs returned by SetTimer(); UINT_PTR is the type the API uses.
UINT_PTR PollingTimerId (0);
UINT_PTR RndTimerId (0);
UINT_PTR EndTimerId (0);

VOID CALLBACK PollingTimerProc(HWND /*hWnd*/, UINT /*nMsg*/, UINT_PTR /*nIDEvent*/, DWORD /*dwTime*/)
{
    std::cout << "Polling..." << std::endl;
}

VOID CALLBACK RandomTimerProc(HWND hWnd, UINT /*nMsg*/, UINT_PTR /*nIDEvent*/, DWORD /*dwTime*/)
{
    std::cout << "Random Timer..." << std::endl;
    //Kill the timer so it only fires once.
    KillTimer(hWnd, RndTimerId);
}

VOID CALLBACK EndTimerProc(HWND /*hWnd*/, UINT /*nMsg*/, UINT_PTR /*nIDEvent*/, DWORD /*dwTime*/)
{
    std::cout << "Ending..." << std::endl;
    KillTimer(NULL, PollingTimerId);
    KillTimer(NULL, EndTimerId);
    PostQuitMessage (0) ;
}

int main(int /*argc*/, char* /*argv*/[])
{
    // With a NULL window handle the ID argument is ignored and SetTimer() returns a new timer ID.
    PollingTimerId = SetTimer(NULL, POLL_TIMER, 1000, &PollingTimerProc);

    // todo: create a random time interval
    RndTimerId = SetTimer(NULL, RND_TIMER, 3456, &RandomTimerProc);

    EndTimerId = SetTimer(NULL, END_TIMER, 10000, &EndTimerProc);

    // The timer callbacks are dispatched from this thread's message loop.
    MSG Msg;
    while (GetMessage(&Msg, NULL, 0, 0) > 0)   // 0 = WM_QUIT, -1 = error
    {
        DispatchMessage(&Msg);
    }

    return 0;
}
NB: The code should work but is untested, may need tweaking
Well, I need to look up most of the functions you are using, so I'll reply whether it works or not later on tonight ;-)! Thanks already, and by the way, what's the meaning of the comments in: VOID CALLBACK EndTimerProc(HWND /*hWnd*/, UINT /*nMsg*/, UINT /*nIDEvent*/, DWORD /*dwTime*/)? I don't know what I should write instead of the comments, (if I'm right I need to replace them :P?). God, I thought I had some basic C++ knowledge...

Thanks, LuQ
> I feel really ashamed that I couldn't find process creation notifications on both MSDN and Google Groups..

There are several methods and sample codes, User or Kernel mode (but avoid driver when you can do it in User mode...)
The most classic one is with WMI and Win32_Process
http://msdn.microsoft.com/en-us/library/aa390425(VS.85).aspx
closed account (z05DSL3A)
luq,

The signature for a Timer procedure is
VOID CALLBACK TimerProc(HWND hwnd, UINT uMsg, UINT_PTR idEvent, DWORD dwTime);
but as I am not using any of the names of the arguments I comment them out to stop the compiler giving an unreferenced variable warning.

Edit:
The code should compile as it is.

I am assuming you are at least a bit familiar with Windows API programming, if not this has probably been a bit OTT.

@Grey Wolf,

Yeah, it worked out well! All timer functions work, but now I've concluded that my above posted "process-check" doesn't work. Kind of stupid of course, but the polling function works great! I will try to create another process-check.
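
An added example, not code from any poster in the thread: the Sleep() polling loop discussed above only answers "is some notepad.exe running", so it cannot report a second instance or a restart. This sketch diffs successive snapshots keyed on PID plus creation time; ProcInfo, StartDetector and the sample snapshots are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <string>
#include <utility>
#include <vector>

// One row of a process snapshot. On Windows the creation time would come from
// GetProcessTimes(); createTime tells a reused PID apart from the old process.
struct ProcInfo { std::uint32_t pid; std::uint64_t createTime; std::string name; };
using Snapshot = std::vector<ProcInfo>;
using ProcKey  = std::pair<std::uint32_t, std::uint64_t>;   // (pid, createTime)

class StartDetector {
    std::set<ProcKey> seen_;   // identities present in the previous snapshot
    bool primed_ = false;      // false until a baseline has been recorded
public:
    // Returns the processes named `target` that are in `now` but were not in
    // the previous snapshot. The first call only records the baseline.
    std::vector<ProcInfo> update(const Snapshot& now, const std::string& target) {
        std::set<ProcKey> cur;
        std::vector<ProcInfo> started;
        for (const ProcInfo& p : now) {
            const ProcKey key(p.pid, p.createTime);
            if (primed_ && p.name == target && !seen_.count(key)) started.push_back(p);
            cur.insert(key);
        }
        seen_.swap(cur);
        primed_ = true;
        return started;
    }
};

// Constructed polls, one per Sleep(500) iteration; returns the starts reported per poll.
std::vector<std::size_t> demoStartsPerPoll() {
    const std::vector<Snapshot> polls = {
        {{4, 10, "System"}, {700, 50, "notepad.exe"}},                            // baseline
        {{4, 10, "System"}, {700, 50, "notepad.exe"}, {812, 90, "notepad.exe"}},  // 2nd instance
        {{4, 10, "System"}, {812, 90, "notepad.exe"}, {700, 140, "notepad.exe"}}, // PID 700 reused
    };
    StartDetector det;
    std::vector<std::size_t> counts;
    for (const Snapshot& s : polls)
        counts.push_back(det.update(s, "notepad.exe").size());
    return counts;
}

int main() {
    for (std::size_t n : demoStartsPerPoll()) std::printf("%zu\n", n);
}
```

A process that starts and exits between two polls appears in no snapshot, so no polling interval catches it; that gap is what the notification approaches mentioned in the thread close.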